search

jetstack / kube-lego

DEPRECATED: Automatically request certificates for Kubernetes Ingress resources from Let's Encrypt
Apache License 2.0
2.16k stars 267 forks source link

DNS resolving of fourth-level domain #226

Closed djkutiger closed 7 years ago

djkutiger commented 7 years ago 
kubectl exec -it kube-lego-1766861920-1q0jk -n kube-lego -- ping a.b.example.com
ping: bad address 'a.b.example.com'

As a consequence kube-lego is not able to access http://a.b.example.com/.well-known/acme-challenge/_selftest

munnerz commented 7 years ago

Have you got an example of a real & non-working domain?

This doesn't seem to be an issue with kube-lego, but rather either you DNS configuration or the 'ping' command in alpine linux itself (which is highly unlikely too!!).

I've just had success with the following:

➜  ~ kc exec -it kube-lego-3059478269-plcrc -n kube-lego -- ping a.b.xip.org
PING a.b.xip.org (185.53.178.9): 56 data bytes
ping: permission denied (are you root?)

(whilst the ping itself isn't possible due to policies on the kube-lego container, it is able to resolve the domain).

Could you provide some more information about a) which domain you're resolving, b) your DNS configuration, c) error messages that you are seeing from kube-lego (preferably with an actual domain that I can attempt to ping myself!)

munnerz commented 7 years ago

Also, when did you point the record for a.b.example.com at your ingress controller? Could it be that the record is still propagating and/or kube-lego has cached a stale DNS record prior to the new record propagating?

djkutiger commented 7 years ago

Sorry for bothering. Now everything works as expected.